diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/configuration/interfaces/wireless.rst | 150 |
1 files changed, 126 insertions, 24 deletions
diff --git a/docs/configuration/interfaces/wireless.rst b/docs/configuration/interfaces/wireless.rst index 8a45111e..d93e983e 100644 --- a/docs/configuration/interfaces/wireless.rst +++ b/docs/configuration/interfaces/wireless.rst @@ -7,9 +7,9 @@ WLAN/WIFI - Wireless LAN ######################## :abbr:`WLAN (Wireless LAN)` interface provide 802.11 (a/b/g/n/ac) wireless -support (commonly referred to as Wi-Fi) by means of compatible hardware. If your -hardware supports it, VyOS supports multiple logical wireless interfaces per -physical device. +support (commonly referred to as Wi-Fi) by means of compatible hardware. If +your hardware supports it, VyOS supports multiple logical wireless interfaces +per physical device. There are three modes of operation for a wireless interface: @@ -50,10 +50,19 @@ System Wide configuration Wireless options ================ +.. cfgcmd:: set system wireless country-code <cc> + + Country code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed + to indicate country in which the box is operating. This can limit available + channels and transmit power. + + .. note:: This option is mandatory in Access-Point mode. + .. cfgcmd:: set interfaces wireless <interface> channel <number> Channel number (IEEE 802.11), for 2.4Ghz (802.11 b/g/n) channels range from - 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173 + 1-14. On 5Ghz (802.11 a/h/j/n/ac) channels available are 0, 34 to 173. + On 6GHz (802.11 ax) channels range from 1 to 233. .. cfgcmd:: set interfaces wireless <interface> disable-broadcast-ssid @@ -87,7 +96,16 @@ Wireless options Management Frame Protection (MFP) according to IEEE 802.11w -.. cfgcmd:: set interfaces wireless <interface> mode <a | b | g | n | ac> + .. note:: :abbr:`MFP (Management Frame Protection)` is required for WPA3. + +.. cfgcmd:: set interfaces wireless <interface> enable-bf-protection + + Beacon Protection: management frame protection for Beacon frames. + + .. note:: This option requires :abbr:`MFP (Management Frame Protection)` + to be enabled. + +.. cfgcmd:: set interfaces wireless <interface> mode <a | b | g | n | ac | ax> Operation mode of wireless radio. @@ -96,6 +114,9 @@ Wireless options * ``g`` - 802.11g - 54 Mbits/sec (default) * ``n`` - 802.11n - 600 Mbits/sec * ``ac`` - 802.11ac - 1300 Mbits/sec + * ``ax`` - 802.11ax - exceeds 1GBit/sec + + .. note:: In VyOS, 802.11ax is only implemented for 6GHz as of yet. .. cfgcmd:: set interfaces wireless <interface> physical-device <device> @@ -134,7 +155,9 @@ PPDU .. cfgcmd:: set interfaces wireless <interface> capabilities require-ht -.. cfgcmd:: set interfaces wireless <interface> capabilities require-hvt +.. cfgcmd:: set interfaces wireless <interface> capabilities require-vht + +.. cfgcmd:: set interfaces wireless <interface> capabilities require-he HT (High Throughput) capabilities (802.11n) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -152,6 +175,7 @@ HT (High Throughput) capabilities (802.11n) Supported channel width set. + * ``ht20`` - 20 MHz channel width * ``ht40-`` - Both 20 MHz and 40 MHz with secondary channel below the primary channel * ``ht40+`` - Both 20 MHz and 40 MHz with secondary channel above the primary @@ -237,10 +261,14 @@ VHT (Very High Throughput) capabilities (802.11ac) Beamforming capabilities: - * ``single-user-beamformer`` - Support for operation as single user beamformer - * ``single-user-beamformee`` - Support for operation as single user beamformee - * ``multi-user-beamformer`` - Support for operation as single user beamformer - * ``multi-user-beamformee`` - Support for operation as single user beamformer + * ``single-user-beamformer`` - Support for operation as + single user beamformer + * ``single-user-beamformee`` - Support for operation as + single user beamformee + * ``multi-user-beamformer`` - Support for operation as + multi user beamformer + * ``multi-user-beamformee`` - Support for operation as + multi user beamformee .. cfgcmd:: set interfaces wireless <interface> capabilities vht center-channel-freq <freq-1 | freq-2> <number> @@ -265,7 +293,8 @@ VHT (Very High Throughput) capabilities (802.11ac) Enable LDPC (Low Density Parity Check) coding capability -.. cfgcmd:: set interfaces wireless <interface> capabilities vht link-adaptation +.. cfgcmd:: set interfaces wireless <interface> + capabilities vht link-adaptation VHT link adaptation capabilities @@ -277,7 +306,8 @@ VHT (Very High Throughput) capabilities (802.11ac) .. cfgcmd:: set interfaces wireless <interface> capabilities vht max-mpdu-exp <value> - Set the maximum length of A-MPDU pre-EOF padding that the station can receive + Set the maximum length of A-MPDU pre-EOF padding that the station can + receive .. cfgcmd:: set interfaces wireless <interface> capabilities vht short-gi <80 | 160> @@ -300,6 +330,58 @@ VHT (Very High Throughput) capabilities (802.11ac) Station supports receiving VHT variant HT Control field +HE (High Efficiency) capabilities (802.11ax) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. cfgcmd:: set interfaces wireless <interface> + capabilities he antenna-pattern-fixed + + Tell the AP that antenna positions are fixed and will not change + during the lifetime of an association. + +.. cfgcmd:: set interfaces wireless <interface> capabilities he beamform + <single-user-beamformer | single-user-beamformee | multi-user-beamformer> + + Beamforming capabilities: + + * ``single-user-beamformer`` - Support for operation as + single user beamformer + * ``single-user-beamformee`` - Support for operation as + single user beamformee + * ``multi-user-beamformer`` - Support for operation as single + user beamformer + +.. cfgcmd:: set interfaces wireless <interface> + capabilities he bss-color <number> + + BSS coloring helps to prevent channel jamming when multiple APs use + the same channels. + + Valid values are 1..63 + +.. cfgcmd:: set interfaces wireless <interface> capabilities he + center-channel-freq <freq-1 | freq-2> <number> + + HE operating channel center frequency - center freq 1 + (for use with 80, 80+80 and 160 modes) + + HE operating channel center frequency - center freq 2 + (for use with the 80+80 mode) + + <number> must be within 1..233. For 80 MHz channels it should be + channel + 6 and for 160 MHz channels, it should be channel + 14. + +.. cfgcmd:: set interfaces wireless <interface> + capabilities he channel-set-width <number> + + <number> must be one of: + + * ``131`` - 20 MHz channel width + * ``132`` - 40 MHz channel width + * ``133`` - 80 MHz channel width + * ``134`` - 160 MHz channel width + * ``135`` - 80+80 MHz channel width + Wireless options (Station/Client) ================================= @@ -309,9 +391,9 @@ default physical device (``phy0``) is used. .. code-block:: none + set system wireless country-code de set interfaces wireless wlan0 type station set interfaces wireless wlan0 address dhcp - set interfaces wireless wlan0 country-code de set interfaces wireless wlan0 ssid Test set interfaces wireless wlan0 security wpa passphrase '12345678' @@ -319,11 +401,14 @@ Resulting in .. code-block:: none + system { + wireless { + country-code de + } + } interfaces { - [...] wireless wlan0 { address dhcp - country-code de security { wpa { passphrase "12345678" @@ -336,13 +421,13 @@ Resulting in Security ======== -:abbr:`WPA (Wi-Fi Protected Access)` and WPA2 Enterprise in combination with -802.1x based authentication can be used to authenticate users or computers -in a domain. +:abbr:`WPA (Wi-Fi Protected Access)`, WPA2 Enterprise and WPA3 Enterprise in +combination with 802.1x based authentication can be used to authenticate +users or computers in a domain. The wireless client (supplicant) authenticates against the RADIUS server (authentication server) using an :abbr:`EAP (Extensible Authentication -Protocol)` method configured on the RADIUS server. The WAP (also referred +Protocol)` method configured on the RADIUS server. The WAP (also referred to as authenticator) role is to send all authentication messages between the supplicant and the configured authentication server, thus the RADIUS server is responsible for authenticating the users. @@ -356,10 +441,11 @@ The WAP in this example has the following characteristics: * Wireless channel ``1`` * RADIUS server at ``192.168.3.10`` with shared-secret ``VyOSPassword`` +.. stop_vyoslinter .. code-block:: none + set system wireless country-code de set interfaces wireless wlan0 address '192.168.2.1/24' - set interfaces wireless wlan0 country-code de set interfaces wireless wlan0 type access-point set interfaces wireless wlan0 channel 1 set interfaces wireless wlan0 mode n @@ -369,15 +455,21 @@ The WAP in this example has the following characteristics: set interfaces wireless wlan0 security wpa radius server 192.168.3.10 key 'VyOSPassword' set interfaces wireless wlan0 security wpa radius server 192.168.3.10 port 1812 +.. start_vyoslinter + Resulting in .. code-block:: none + system { + wireless { + country-code de + } + } interfaces { [...] wireless wlan0 { address 192.168.2.1/24 - country-code de channel 1 mode n security { @@ -434,6 +526,7 @@ about all wireless interfaces. Use this command to view operational status and details wireless-specific information about all wireless interfaces. +.. stop_vyoslinter .. code-block:: none vyos@vyos:~$ show interfaces wireless detail @@ -461,11 +554,14 @@ information about all wireless interfaces. TX: bytes packets errors dropped carrier collisions 183413 5430 0 0 0 0 +.. start_vyoslinter + .. opcmd:: show interfaces wireless <wlanX> This command shows both status and statistics on the specified wireless interface. The wireless interface identifier can range from wlan0 to wlan999. +.. stop_vyoslinter .. code-block:: none vyos@vyos:~$ show interfaces wireless wlan0 @@ -481,6 +577,8 @@ interface. The wireless interface identifier can range from wlan0 to wlan999. TX: bytes packets errors dropped carrier collisions 83413 430 0 0 0 0 +.. start_vyoslinter + .. opcmd:: show interfaces wireless <wlanX> brief @@ -557,6 +655,7 @@ The WAP in this example has the following characteristics: .. code-block:: none + set system wireless country-code de set interfaces wireless wlan0 address '192.168.2.1/24' set interfaces wireless wlan0 type access-point set interfaces wireless wlan0 channel 1 @@ -565,18 +664,21 @@ The WAP in this example has the following characteristics: set interfaces wireless wlan0 security wpa mode wpa2 set interfaces wireless wlan0 security wpa cipher CCMP set interfaces wireless wlan0 security wpa passphrase '12345678' - set interfaces wireless wlan0 country-code de Resulting in .. code-block:: none + system { + wireless { + country-code de + } + } interfaces { [...] wireless wlan0 { address 192.168.2.1/24 channel 1 - country-code de mode n security { wpa { @@ -611,8 +713,8 @@ still put this card into AP mode using the following configuration: .. stop_vyoslinter .. code-block:: none + set system wireless country-code 'us' set interfaces wireless wlan0 channel '1' - set interfaces wireless wlan0 country-code 'us' set interfaces wireless wlan0 mode 'n' set interfaces wireless wlan0 physical-device 'phy0' set interfaces wireless wlan0 ssid 'VyOS' |